Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1900

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICAL
EPSS
41.4%
top 2.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Microsoft OfficeMicrosoft Office Compatibility PackMicrosoft Word+1 more
Timeline
PublishedAug 11
Latest updateMay 14

Description

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka "Word Record Parsing Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDmicrosoft/word2002, 2003, 2007+2
NVDmicrosoft/office2004, 2008+1

🔴Vulnerability Details

2
GHSA
GHSA-q376-825x-2mgx: Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Vi2022-05-14
CVEList
CVE-2010-1900: Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Vi2010-08-11

💥Exploits & PoCs

1
Exploit-DB
Microsoft Word 2007 SP2 - sprmCMajority Buffer Overflow2010-09-11
CVE-2010-1900 (CRITICAL CVSS 9.3) | Microsoft Office Word 2002 SP3 | cvebase.io